Simple inquiries regarding keylock and security.

Similar Messages

• Need info regarding Oracle UCM Accounts and Security Groups behaviour

  Need information regarding Oracle UCM Accounts and Security Groups behaviour.
  Oracle UCM version: 11.1.1.5.0
  Steps:
  1. Log in with "weblogic" user and created a content with id "content1"
  2. Applied "@acc1(R)" and "TestGroup1" to the cotent created in step 1
  3. Log out
  4. Log in as "acc1user1", the user is not able to see the "content1"
  5. Log out
  6. Log in as "role1user1", the user is not able to see the "content1"
  Account and Group information:
  1. User "acc1user1" is part of "@acc1(R)"
  2. User "role1user1" is part of "role1(R)" and is mapped to "TestGroup1" in UCM
  Expected:
  Both "acc1user1" and "role1user1" should be able to see "content1" as they have at least Read permission.
  Please help me understand why the users are not able to see the content.

  ACLs, like Accounts, are optional security setting which may add on some extra functionality to mandatory security groups. Likewise, the resulting permission is taken as an intersection of SG and ACLs.
  But in the second part the number of set of users is huge (approx say 600)I don't get this completely. Does this mean that those "sets of users" (users who see the same data) are distinct and that there is 600 of such groups?
  If you read thoroughly the manual I sent earlier, there is a recommendation that there should be maximum 50 security groups, and you should use accounts, should this number be exceeded. This means you could have all the documents in one security group (and have one common role with Read permission), but combine it with accounts. ACLs are not a good choice here - their performance and manageability is much worse than of accounts. ACLs are primarily used if you expect security settings to change during the lifetime (e.g. a project manager adds temporarily rights to access an item to another user, and revokes it when the user finishes his or her work).
  Note that accounts as well as permissions of users within accounts can also be mapped externally (from LDAP/AD) and it usually follows some kind of org chart.
  I'd feel more comfortable not to speak about users, security groups, roles, etc., but about some real-life objects and scenarios.

• Simple Authentication and Security Layer

  Hi All,
  What is Simple Authentication and Security Layer (SASL)?? and what it's function in Oracle Beehive??
  Thanks,
  Dha_Suh

  wikipedia :
  Simple Authentication and Security Layer (SASL) is a framework for authentication and data security in Internet protocols. It decouples authentication mechanisms from application protocols, in theory allowing any authentication mechanism supported by SASL to be used in any application protocol that uses SASL. Authentication mechanisms can also support proxy authorization, a facility allowing one user to assume the identity of another. Authentication mechanisms can also provide a data security layer offering data integrity and data confidentiality services. DIGEST-MD5 is an example of mechanisms which can provide a data security layer. Application protocols that support SASL typically also support Transport Layer Security (TLS) to complement the services offered by SASL.
  SASL was originally specified in RFC 2222, authored by John Gardiner Myers while at Carnegie Mellon University. That document was obsoleted by RFC 4422, edited by Alexey Melnikov and Kurt Zeilenga.
  SASL is an IETF Standard Track protocol, presently a Proposed Standard.

• Where exadata stands per regards to availability, security, and easy to use

  Dears,
  I would like to have details on how exadata could ensure availability, security and storage performance. In other words I know that exadata represent both a database(11g2) and a hosting server for that database. How this hosting service and this configuration could be different from other existing configurations
  Thanks in advance
  Mohamed Houri

  >
  But when the system come pre-configured ready to be turned on day one, already configured and secured by the Oracle team, isn't this a problem initself? The Oracle team knows more about the configuration than
  the customer who has been delivred the exadata machine does?This is the reason there is documentation provided as part of the hand off. Any new system is, by definition, new and you'll know less about it until you start using it and get accustomed to its configuration and setup. This is the reason you shouldn't expect to put your new system into production immediately, but rather after you've tested it and become familiar with it.
  Another question also came to my mind: when there is a problem within this machine can the local DBA/storage/OS team solve the problem without refering to Oracle? Will this not break a support SLA?I'm not sure how you are using the term SLA, but fixing your system yourself doesn't violate any support agreement. Your SLA is your service agreement with your customer and you need to do what you need in order to meet that.
  That said, there are some things that you aren't allowed to do (i.e. installing software or making configuration changes on storage cells). But generally speaking, if your system is running normally and has some issue, the issue is more likely related to RAC or RDBMS and changing or fixing things there is within your control to remedy.

• Question regarding selectOneMenu and PROCESS_VALIDATIONS(3) phase

  Hi im a bit lost regarding selectOneMenu and how validation phase all works together.
  The thing is that i have a simple selectOneMenu
  <h:form id="SearchForm">                                                  
       <h:panelGrid columns="3"  border="0">
            <h:outputLabel id="caseTypeText" value="#{msg.searchCaseCaseType}" for="caseType" />                         
            <h:selectOneMenu id="caseType" value="#{searchCaseBean.caseType}" style="width: 200px;" binding="#{searchCaseBean.caseTypeSelect}">     
                 <f:selectItem itemValue="" itemLabel="#{msg.CommonTextAll}" />                                             
                 <f:selectItems value="#{searchCaseBean.caseTypes}"  />                              
            </h:selectOneMenu>
            <h:message for="caseType" styleClass="errorMessage" />
            <h:panelGroup />
            <h:panelGroup />
            <h:commandButton action="#{searchCaseBean.actionSearch}" value="#{msg.buttonSearch}" />
       </h:panelGrid>
  </h:form>Now when i hit submit button i can see that the bean method searchCaseBean.caseTypes (used in the <f:selectItems> tag) is executed in the PROCESS_VALIDATIONS(3) phase. How come? I dont whant this method to be executed in phase 3, only in phase 6.
  If i add the this in the method if (FacesContext.getCurrentInstance().getRenderResponse())
  public List<SelectItem> getStepStatuses(){
       List<CaseStep> caseSteps = new ArrayList<CaseStep>();
       if (FacesContext.getCurrentInstance().getRenderResponse()) {
            caseSteps = getCaseService().getCaseStep(value);     
       List<SelectItem> selectItems = new ArrayList<SelectItem>(caseSteps.size());
       for(int i=0; i < caseSteps.size(); i++){
            CaseStep step = caseSteps.get(i);               
            String stepStatus = step.getStatus() + "_" + step.getSubStatus();           
            selectItems.add(new SelectItem(stepStatus, step.getShortName()));
       return selectItems;
  } Now i get a validation error (javax.faces.component.UISelectOne.INVALID) for the select field and only phase1, phase2, phase 3 and phase 6 is executed.
  Im lost?

  I see. Many thanxs BalusC. Im using your blog very often, and its very helpfull for me.
  I changed now to use the constructor load method instead. But know im getting problem of calling my service layer (Spring service bean). Its seems they havent been init when jsf bean is calling its constructor.
  Can i init the spring service bean from the faces-config file?
  JSF Bean
      public SearchCaseBean() {
            super();
                  //caseService need to be init
            if(getCaseService() == null){
                 setCaseService((CaseService)getWebApplicationContextBean("caseService"));
            fillCaseTypeSelectItems();
            fillCaseStatusSelectItems();
  .....faces-config
  <managed-bean>
            <managed-bean-name>searchCaseBean</managed-bean-name>
            <managed-bean-class>portal.web.SearchCaseBean</managed-bean-class>
            <managed-bean-scope>request</managed-bean-scope>          
            <managed-property>
                 <property-name>caseService</property-name>
                 <value>#{caseService}</value>
            </managed-property>
       </managed-bean>

• "logon time" between USR41 and security audit log

  Dear colleagues,
  I got a following question from customer for security audit reason.
  > 'Logon date' and 'Logon time' values stored in table  USR41 are exactly same as
  > logon history of Security Audit Log(Tr-cd:SM20)?
  Table:USR41 saves 'logon date' and 'logon time' when user logs on to SAP System from SAP GUI.
  And the Security Audit Log(Tr-cd:SM20) can save user's logon history;
  at the time when user logged on, the security audit log is recorded .
  I tried to check SAP GUI logon program:SAPMSYST several ways, however,
  I could not check it because the program is protected even for read access.
  I want to know about specification of "logon time" between USR41 and security audit log,
  or about how to look into the program:SAPMSYST and debug it.
  Thank you.
  Best Regards.

  Hi,
  If you configure Security Audit you can achieve your goals...
  1-Audit the employees how access the screens, tables, data...etc
  Answer : Option 1 & 3
  2-Audit all changes by all users to the data
  Answer : Option 1 & 3
  3-Keep the data up to one month
  Answer: No such settings, but you can define maximum log size.
  4-Log retention period can be defined.
  Answer: No !.. but you can define maximum log size.
  SM19/SM20 Options:
  1-Dialog logon
  You can check how many users logged in and at what time
  2-RFC login/call
  Same as above you can check RFC logins
  3-Transaction/report start
  You can see which report or transaction are executed and at what time
  (It will help you to analyise unauthorized data change. Transactions/report can give you an idea, what data has been changed. So you can see who changed the data)
  4-User master change
  (You can see user master changes log with this option)
  5-System/Other events
  (System error can be logged using this option)
  Hope, it clear the things...
  Regards.
  Rajesh Narkhede

• RE-FX Internal contracts and security deposit contracts

  Hi All
  Please let me know the purpose of creating internal contracts and security deposit contracts and their diff with normal contract. in ecc6.0.
  Regards
  shantanu

  Hi
  Thanks for reply.
  how to settle cost between two department in internal contract? through rerapp?
  suppose there are two department(A and B)  and A wants to transfer cost to B because this cost does not belongs to A.
  and A has already post entry exps dr
                                                       to vendor.....
  now through internal contract A wants to .post .above exps as income
  B   Dr.
  to expenses...
  Is above scenario is correct.?
  Regards
  shantanu

• Security-role and security-role-assignment not working in WL7.0

  Hello all..
  Some EJB components that worked fine in WebLogic 6.1 no longer work in
  WL7.0. It has to do with the security-role and security-role-assignment
  descriptor elements no longer allowing anonymous users to be included in the
  authorization for a bean.
  For example, in WL6.1 placing these items in ejb-jar.xml:
  <assembly-descriptor>
  <security-role>
  <role-name>Employees</role-name>
  </security-role>
  <method-permission>
  <role-name>Employees</role-name>
  <method>
  <ejb-name>CustomerEJB</ejb-name>
  <method-name>*</method-name>
  </method>
  </method-permission>
  and mapping WebLogic default users to this role in weblogic-ejb-jar.xml:
  <security-role-assignment>
  <role-name>Employees</role-name>
  <principal-name>guest</principal-name>
  <principal-name>system</principal-name>
  </security-role-assignment>
  worked fine for clients creating their context using a simple
  InitialContext() constructor without specifying SECURITY_PRINCIPAL or
  SECURITY_CREDENTIALS. These users were basically "guest" to WebLogic, and
  the security-role-assignment element above told WebLogic that "guest" was in
  the Employees role for purposes of this EJB archive.
  Worked in WL6.1, no longer works in WL7.0. Client receives typical
  permission exception:
  java.rmi.AccessException: Security violation: insufficient permission to
  access method 'create'
  If I explicity connect as "system" things are fine, or I can create a new
  user in the default realm in WebLogic, put a matching <principal-name>
  element in the section above, and connect as that user. Note that if I leave
  off the <security-role> section completely, or set the required role name to
  "everyone", the anonymous access works fine. Apparently the anonymous user
  is a member of "everyone" behind the scenes even though "everyone" does not
  appear in the realm list of groups or roles.
  So, my question boils down to this: Is there a "magic" username in WL7 like
  "guest" was in WL6.1 that can be mapped to the required role name, or must
  every client connection use a true weblogic-created user with appropriate
  role assignments used to map it to the required role name.
  -Greg
  P.S. Note that none of the EJB examples provided with WL used
  <security-role>..
  Check out my WebLogic 6.1 Workbook for O'Reilly EJB Third Edition
  www.amazon.com/exec/obidos/ASIN/1931822468 or www.titan-books.com

  Below are the screen shots for PFCG:

• Email hacked, password reset and security details ...

  Hi All, just need some advice really.
  My primary email was hacked last week, and my password changed. I have taken all measures to try and regain control but have been unsuccesful. I have spoken to four different people today on the phone. First of all i was moved to a different department twice, thn I was told I had to speak with the security department as the security questions had the wrong answers! When I eventually got through,and after 30 minutes of being on the phone, I was told that I cannot be helped. I explained 5 times what the issue was and that I had been referred to this department becuas eof security question isssues, but that was not registered!!!
  i was then told to use the forgotten password option! As I had already said three times, I had tried this, but the answers had been changed! Thats why I was on the phone to sort this out. I was then told that my answers had been reste and to wait a little while. Five hours later I have come back to try and sort this out and I STIILL HAVE THE SAME ISSUE! I don't know what to do now, as the first time round took over an hour to try and get somewhere!!!!
  Can someone please refer me to someone who is actually going to LISTEN and help, rather than telling me that 'I can't help you madam'

  i am sorry to see that someone else is having this sort of problem
  the security and customer help in India cannot be trusted,
  they actually allowed somebody to have access to my e-mail and account details
  then despite my objections allowed someone to stop my phone calls and
  send them to a mycander mobile phone (ending238)
  then all sorts of pain followed.
  THE ONLY SOLUTIONS IS TO WRITE TO THE DIRECTORS OF BT AND SEEK HELP FROM THE CHAIRMANS
  SUPPORT TEAM. TRY SUE HALPIN. I THREATENED LEGAL ACTION AND WOULD/MAY CARRY OUT THAT THREAT.
  even she was confused and disturbed by the trouble she had getting things put right, is it to simple,
  get a new primary e-mail and anew logon to bt.com (your account)
  change your passwords and security questions, do not use the same for both
  all that fus about including a number or a capital is rubbish but you are t a degree stuck wth a number
  use something like 25sausagecaravanaxe. at least 14 letters no linking of the words like carrotsaladwatercress1
  just pure rubbish
  if you want the names and personal postboxes of the directors at newgate st london let me know
  i have had 2 months of pure pain and distress, keep in mind when speeking to some call centres
  you cannot educate pork, never give them admin rights and remote access.
  or beleive the latest from India   its all caused by Iphones and Ipads
  best of

• Property editor, Permission editor and security zone

  Could anyone let me know what different between <u>Property editor, Permission editor and security zone</u> when we build the new role in portal and have to go through these three for setting up. Could you compare them with creating new role in R/3 system?
  Thank you so much and sorry to bother you guys.

  Hi,
  Property editor is the editor which shows a list of properties of any pcd object like iView property or page property etc. Using this, u can edit the properties of the pcd object.
  http://help.sap.com/saphelp_nw2004s/helpdata/en/9e/7d9713087311d7b84600047582c9f7/frameset.htm
  Permission editor is the editor where u can change the permission level for particular application or portal content objects like read/ write permission, end user permission etc. So using this, u can set permissions for different users to access different pcd objects.
  http://help.sap.com/saphelp_nw2004s/helpdata/en/5b/0fab1b76984ed0944d5c732cfad1b2/frameset.htm
  Security zone mentions the level of portal security like low, high etc.
  http://help.sap.com/saphelp_nw2004s/helpdata/en/25/85de55a94c4b5fa7a2d74e8ed201b0/frameset.htm
  Regards,
  Vijai

• Leopard 10.5.4 update and security patches

  I am new to macs and I have a question regarding OS updates and security patches. I installed the 10.5.4 update. Do I need to install the 2008-004 security update?
  Thanks.

  Welcome to Apple Discussions and welcome to Mac
  The easiest way to find out exactly what your Mac needs is to go to your Apple menu and choose Software Update.
  EDIT: It should include it but I had to check because I used the Combo Update.
  -mj
  Message was edited by: macjack

• Firewall and security

  Hello All,
  I have a basic question
  "The requirement is such that we need to create a portal for our vendors to access and we still want that all our vendors (no matter how trusted they may be ) not to access our systems that are inside the firewall."
  Is this possible in EP or how does EP support/address this??can any one send me the architecture diagram and an explanation for the same.
  Thanks and Regards
  Pradeep Bhojak

  Hi Pradeep,
     SAP's EP is designed to work with in a variety of firewall/DMZ configurations.  With out knowing your specific network architecture, it would be had to say how it would best fit your environment.  I suggest you download the portal master guide and security guide from service marketplace.
  http://service.sap.com/nw-ep   On the navigation panel, select Portal > Media Library > Documentation & More > EP6 SP2 (or your portal version) > Fundamentals.
  This guides give insight into the portal architecture and how it will work in your environment.
  Thanks,
  John

• Best and secure way to connect 2 cores

  Hello,
  I would like to know the best and secure way to do that :
  PIX2 ethernet 0.1 --> Catalyst 3750 --> Catalyst 4006 --> PIX1 ethernet 1.1
  the catalyst 4006 is the VLAN manager both of the pix use subinterfaces
  for the moment i configured the interface on the 4006 as trunk but i am not really good with prunning allowed vlans
  Can you please give some help ?
  Regards,

  sorry because i am french ;) what i want to do is to share only one vlan between the C4006 which the vlans root and the C3750 because i use virtual interfaces on my Cisco PIX's so vlans need to be configured.
  What i don't want to do is to allow other vlans on the C4006 to be distribute through the C3750 which has already some vlans that can have the same vlans id.
  Regards,

• Possible (and secure) architectures for E-Recruitment Web Enabled???

  Hello,
  i need informations about posible (and secure) architecture solutions for E-Recruitment Web Enabled.
  I found one basic exsample in the E-Recruiting system architecture guide, but it is a exsample from 2003.
  do someone use E-Recruiting web enabled and in what for a topology?
  regards
  chris

  Hellow Christian,
  Successful e-recruiting relies on strong long-term relationships with both current and potential employees u2013 and on the ability to locate appropriate positions for talented individuals from within and outside the organization. The SAP E-Recruiting application offers innovative support for talent relationship management, as well as traditional central recruiting functions.
  SAP E-Recruiting, a fully Web-enabled, end-to-end recruiting solution, accelerates and streamlines the recruiting process with a comprehensive strategy that that enables your company to build up and draw from a qualified, global pool of internal and external talent. Recruiters can take advantage of this talent pool to quickly find the staff they need, while collaborating closely with hiring managers throughout the hiring process.
  Applicant tracking and reporting functions help organize the processing of job applications and monitor the effectiveness of the recruiting organization. A collaboration platform links SAP E-Recruiting to external systems such as job boards, recruiting service providers, and your company's internal systems.
  Please check this links for reference
  http://www.sap.com/solutions/business-suite/erp/hcm/featuresfunctions/index.epx
  http://www.sap.com/solutions/business-suite/erp/erecruiting.epx
  Thank you,
  Shyam

• HT1146 i cant receive emails from apple regarding resetting my security questions any idea ? i have tried evrything :(

  help me with this pls i cant receive emails from apple regarding resetting my security questions any idea ? i have tried evrything

  Click here and request assistance.
  (75854)